Cybersecurity Advent – Day 07

Today’s Cybersecurity tip is: use a password manager

For a long time, you probably heard that your password should be a mix of upper, lower, special characters, and numbers and that you needed to change it every two or three months. Oh, and you can’t re-use any of the last 30 passwords you’ve ever used or use any part of a real word or any other number of ridiculous requirements.

Fortunately, conventional wisdom has changed. Analysis of a decade’s worth of data showed that those super complex, constantly changing passwords didn’t do much to help. Instead, the new guidelines recommend being more user friendly (hooray!). Long passwords with complexity are still important, but so is testing those passwords against lists of dictionary passwords and known compromised passwords. And of course, you still need a unique password for every account you have. In reality, people can’t remember that many unique passwords … even with “looser” guidelines. That’s where password managers come in.
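To make the "test against lists" idea concrete, here is a small screening check written as an added example (it is not from any password manager or standard). The minimum length, the word list, and the breached-password list are constructed sample values.

```python
import hashlib
import unicodedata

MIN_LENGTH = 12  # assumed policy value; the post does not give a number

# Constructed sample lists. A real check loads a full wordlist and breach corpus.
DICTIONARY_WORDS = {"password", "sunshine", "dragon", "letmein", "welcome"}
_BREACHED_SAMPLES = ("P@ssw0rd2023!", "Summer2024!!", "correcthorsebatterystaple")

# Undo common character substitutions before the dictionary lookup.
LEET = str.maketrans("013457@$!", "oieastasi")
TRAILING_FILLER = "0123456789!@#$%^&*?._-"


def _sha1_hex(password: str) -> str:
    # SHA-1 is used only as a lookup key into the breach list (breach corpora
    # are commonly shipped as SHA-1 hashes); it is not a way to store passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


COMPROMISED_SHA1 = {_sha1_hex(p) for p in _BREACHED_SAMPLES}


def screen_password(candidate: str) -> list:
    """Return the reasons to reject a candidate; an empty list means accept."""
    pw = unicodedata.normalize("NFKC", candidate)
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("too_short")
    if _sha1_hex(pw) in COMPROMISED_SHA1:
        reasons.append("known_compromised")
    # "P@ssw0rd2023!" -> "p@ssw0rd" -> "password"
    core = pw.lower().rstrip(TRAILING_FILLER).translate(LEET)
    if core in DICTIONARY_WORDS:
        reasons.append("dictionary_word")
    return reasons


if __name__ == "__main__":
    for sample in ("P@ssw0rd2023!", "Sunshine!!!!!!", "Tr0ub4dor",
                   "maple tractor violin eclipse", "vK9#qLm2$Zt7wRx1"):
        print(f"{sample!r}: {screen_password(sample) or 'accepted'}")
```

Notice that a password ticking every old-style complexity box is rejected, while a long all-lowercase passphrase passes.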

The idea of a (good) password manager is that you only need to remember your secure master password and let the password manager handle remembering all the passwords for your various accounts. This frees up your mind to remember one truly secure password.

There are several well-known and respected password managers out there, and each has its strengths and weaknesses. While there are a lot of options for password managers (Dashlane, LastPass, 1Password, etc.), their basic functionality is similar. Your passwords are stored, encrypted by your master password, either in the cloud or locally on your computer. I’ve used LastPass for the last seven years or so. LastPass only encrypts/decrypts my passwords locally, so there’s no worry about a breach on their system. I haven’t had any issues with performance, and the convenience of having my passwords on my computer and on my mobile device has saved me more than once. Bonus: LastPass supports 2FA.

One last thought: I recommend you use a password manager that has a browser extension available. This allows the password manager to fill in form and password information directly on the websites you visit, which makes it even more convenient to browse while still staying secure. If you have any specific questions about LastPass or setting up (or choosing) your password manager, ask in the comments below.

See you tomorrow!